Trojan.DownLoader26.41806

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '{D9B1D445-AEFE-5B83-BCB50F636B53C270}' = '%ALLUSERSPROFILE%\Application Data\wepizup.exe'

Modifies file system:

Creates the following files:

%ALLUSERSPROFILE%\Application Data\wepizup.exe

Sets the 'hidden' attribute to the following files:

%ALLUSERSPROFILE%\Application Data\wepizup.exe

Network activity:

Connects to:

'91.#1.1.107':445
'<LOCALNET>.0.136':445
'90.##.78.147':445
'10#.#29.180.96':445
'46.##5.230.5':80
'<LOCALNET>.0.135':445
'16#.#7.131.154':445
'21#.#54.108.98':445
'<LOCALNET>.0.134':445
'5.###.76.157':445
'16#.#3.143.180':445
'<LOCALNET>.0.133':445
'48.##5.224.103':445
'14#.#8.68.216':445
'<LOCALNET>.0.132':445
'47.##6.75.243':445
'14#.#05.213.127':445
'<LOCALNET>.0.131':445
'18#.#0.128.246':9030
'21#.#35.228.135':445
'13#.#98.82.167':445
'10#.#95.152.228':445
'13#.#7.196.157':445
'<LOCALNET>.0.137':445
'po##.#inexmr.com':4444
'11#.#3.185.96':445
'76.##5.74.95':445
'<LOCALNET>.0.145':445
'12#.#74.27.23':445
'53.##7.147.121':445
'<LOCALNET>.0.144':445
'45.##9.161.212':445
'13.##9.238.170':445
'<LOCALNET>.0.143':445
'11#.#3.150.41':445
'10#.#6.97.194':445
'17.##3.236.46':445
'<LOCALNET>.0.142':445
'<LOCALNET>.0.141':445
'14#.#.69.129':445
'18#.#47.26.101':445
'<LOCALNET>.0.140':445
'77.##.126.10':445
'10#.#.165.126':445
'<LOCALNET>.0.139':445
'82.##.108.119':445
'43.##.91.126':445
'<LOCALNET>.0.138':445
'<LOCALNET>.0.146':445
'10#.#19.27.120':445
'64.##0.204.236':445
'13#.#41.177.81':445
'20#.#81.68.251':445
'32.##3.20.106':445
'16#.#0.51.156':445
'96.##.250.30':445
'19#.#47.247.40':445
'20#.#47.202.208':445
'16#.#2.253.91':445
'10#.#24.188.194':445
'68.##.244.206':445
'11#.#18.213.111':445
'11#.#24.97.167':445
'31.##.21.250':445
'24.#1.42.48':445
'12#.#.39.131':445
'39.##.21.194':445
'18#.#1.100.50':9030
'19#.#09.219.244':445
'19#.#10.74.130':445
'10#.#36.255.121':445
'<LOCALNET>.0.128':445
'<LOCALNET>.0.127':445
'62.##1.9.133':445
'20#.#61.213.231':445
'20#.#26.126.126':445
'17#.#0.142.130':445
'5.##.103.196':445
'16#.#32.229.235':445
'22#.#88.64.28':445
'<LOCALNET>.0.130':445
'1.###.45.104':445
'27.##6.246.117':445
'10#.#65.1.252':445
'85.##1.195.119':445
'18#.#58.42.104':445
'16#.#04.96.77':445
'11#.#2.67.36':445
'17#.#29.94.185':445
'49.##1.49.166':445
'57.##5.161.2':445
'27.##9.31.244':445
'16#.#15.64.79':445
'77.##2.149.194':445
'20#.#21.76.151':445
'20#.#.225.78':445
'18#.#4.122.12':445
'96.##2.208.205':445
'<LOCALNET>.0.129':445
'81.##.98.238':445
'17#.#.87.106':445
'<LOCALNET>.0.147':445
'17#.#8.151.81':445
'<LOCALNET>.0.175':445
'14#.#27.35.171':445
'19#.#3.115.198':445
'<LOCALNET>.0.174':445
'78.##.217.75':445
'10#.#36.137.243':445
'<LOCALNET>.0.173':445
'39.##7.46.228':445
'<LOCALNET>.0.172':445
'19#.#1.84.34':445
'<LOCALNET>.0.171':445
'<LOCALNET>.0.176':445
'68.##7.47.96':445
'13#.#5.39.251':445
'<LOCALNET>.0.170':445
'<LOCALNET>.0.169':445
'14#.#00.78.219':445
'63.##9.217.181':445
'<LOCALNET>.0.168':445
'19#.#7.0.126':445
'10#.#4.97.214':445
'17#.#9.100.35':445
'<LOCALNET>.0.186':445
'67.##7.10.251':445
'18#.#5.242.12':445
'<LOCALNET>.0.185':445
'19#.#09.20.115':445
'11#.#06.78.199':445
'<LOCALNET>.0.184':445
'16#.#12.73.15':445
'<LOCALNET>.0.183':445
'19#.#15.214.240':445
'21#.#33.51.56':445
'<LOCALNET>.0.182':445
'<LOCALNET>.0.167':445
'15#.#98.33.10':445
'<LOCALNET>.0.181':445
'11#.#08.31.69':445
'<LOCALNET>.0.180':445
'17#.#44.199.167':445
'<LOCALNET>.0.179':445
'47.##.216.103':445
'<LOCALNET>.0.178':445
'14#.#54.94.151':445
'80.##4.185.33':445
'<LOCALNET>.0.177':445
'13#.#54.24.210':445
'8.###.210.226':445
'14#.#4.146.72':445
'<LOCALNET>.0.166':445
'13.##3.247.98':445
'17#.#74.188.172':445
'20#.#06.81.217':445
'<LOCALNET>.0.155':445
'16#.#6.240.10':445
'15#.#5.20.117':445
'<LOCALNET>.0.154':445
'61.##.14.155':445
'16#.#09.7.225':445
'<LOCALNET>.0.153':445
'64.##5.61.174':445
'<LOCALNET>.0.126':445
'22#.#82.166.166':445
'19#.#6.10.232':445
'<LOCALNET>.0.151':445
'19#.#27.26.171':445
'<LOCALNET>.0.150':445
'14#.#3.129.52':445
'90.##8.229.19':445
'<LOCALNET>.0.149':445
'14#.#.242.18':445
'14#.#6.60.217':445
'<LOCALNET>.0.148':445
'<LOCALNET>.0.152':445
'18#.18.21.5':445
'12.##5.167.27':445
'68.##.149.187':445
'<LOCALNET>.0.157':445
'12#.#1.234.164':445
'<LOCALNET>.0.165':445
'21#.#82.228.48':445
'38.#50.60.0':445
'<LOCALNET>.0.164':445
'13#.#2.129.120':445
'11#.#6.228.250':445
'75.##8.181.16':445
'<LOCALNET>.0.163':445
'12.##.255.123':445
'17#.#67.237.101':445
'<LOCALNET>.0.156':445
'27.##9.184.54':445
'<LOCALNET>.0.161':445
'16#.#8.34.116':445
'20#.#31.171.27':445
'<LOCALNET>.0.160':445
'19#.#25.46.68':445
'<LOCALNET>.0.159':445
'97.##.223.236':445
'<LOCALNET>.0.158':445
'<LOCALNET>.0.162':445
'52.##.216.11':445
'<LOCALNET>.0.125':445
'15#.#32.44.234':445
'84.##.211.64':445
'<LOCALNET>.0.47':445
'<LOCALNET>.0.46':445
'<LOCALNET>.0.45':445
'13#.#66.235.87':445
'51.##5.217.236':445
'<LOCALNET>.0.44':445
'36.##4.151.29':445
'<LOCALNET>.0.43':445
'<LOCALNET>.0.42':445
'<LOCALNET>.0.41':445
'<LOCALNET>.0.40':445
'<LOCALNET>.0.39':445
'<LOCALNET>.0.38':445
'20#.#14.23.94':445
'72.##.128.86':445
'<LOCALNET>.0.37':445
'<LOCALNET>.0.36':445
'<LOCALNET>.0.35':445
'<LOCALNET>.0.34':445
'<LOCALNET>.0.33':445
'64.#.53.124':445
'<LOCALNET>.0.48':445
'16#.#2.103.215':445
'<LOCALNET>.0.49':445
'43.##3.46.223':445
'65.##.230.91':445
'<LOCALNET>.0.61':445
'<LOCALNET>.0.60':445
'<LOCALNET>.0.59':445
'18#.#83.211.155':445
'74.##8.119.149':445
'<LOCALNET>.0.58':445
'<LOCALNET>.0.57':445
'21#.#2.54.33':445
'13#.#48.176.131':445
'<LOCALNET>.0.56':445
'<LOCALNET>.0.55':445
'<LOCALNET>.0.54':445
'<LOCALNET>.0.53':445
'<LOCALNET>.0.52':445
'49.#7.34.37':445
'<LOCALNET>.0.51':445
'<LOCALNET>.0.50':445
'20#.#8.233.3':445
'74.##3.252.158':445
'16#.#44.40.111':445
'<LOCALNET>.0.62':445
'21#.#39.115.76':445
'<LOCALNET>.0.32':445
'<LOCALNET>.0.31':445
'<LOCALNET>.0.10':445
'58.##1.168.67':445
'<LOCALNET>.0.9':445
'<LOCALNET>.0.8':445
'<LOCALNET>.0.7':445
'<LOCALNET>.0.6':445
'<LOCALNET>.0.5':445
'<LOCALNET>.0.4':445
'<LOCALNET>.0.3':445
'92.#2.78.33':445
'<LOCALNET_GATEWAY>':445
'10#.#16.43.44':445
'47.#.87.239':445
'<LOCALNET>.0.0':445
'11#.#05.207.40':445
'13#.#9.231.4':445
'46.##3.85.120':445
'21#.#4.153.139':445
'46.#52.26.2':45212
'14#.#75.36.115':445
'83.##.116.109':445
'36.##.219.47':445
'<LOCALNET>.0.11':445
'<LOCALNET>.0.12':445
'<LOCALNET>.0.13':445
'<LOCALNET>.0.29':445
'<LOCALNET>.0.28':445
'21#.#66.137.253':445
'<LOCALNET>.0.27':445
'<LOCALNET>.0.26':445
'<LOCALNET>.0.25':445
'<LOCALNET>.0.24':445
'<LOCALNET>.0.23':445
'15#.#05.99.230':445
'<LOCALNET>.0.22':445
'<LOCALNET>.0.20':445
'<LOCALNET>.0.21':445
'94.##2.217.221':445
'18#.#97.114.244':445
'<LOCALNET>.0.19':445
'<LOCALNET>.0.18':445
'12#.#7.170.3':445
'<LOCALNET>.0.17':445
'5.###.161.167':445
'<LOCALNET>.0.16':445
'<LOCALNET>.0.15':445
'<LOCALNET>.0.14':445
'<LOCALNET>.0.30':445
'19#.#35.10.47':445
'93.#2.83.86':445
'18#.#42.86.116':445
'13#.#13.173.194':445
'<LOCALNET>.0.106':445
'<LOCALNET>.0.105':445
'14#.#09.55.103':445
'43.##2.249.177':445
'<LOCALNET>.0.104':445
'<LOCALNET>.0.103':445
'<LOCALNET>.0.102':445
'12#.#7.204.40':445
'<LOCALNET>.0.101':445
'42.##5.219.91':445
'<LOCALNET>.0.108':445
'17#.#44.54.184':445
'<LOCALNET>.0.100':445
'<LOCALNET>.0.99':445
'<LOCALNET>.0.98':445
'<LOCALNET>.0.97':445
'<LOCALNET>.0.96':445
'72.##5.51.235':445
'21#.#80.151.72':445
'88.##6.79.140':445
'9.##.44.168':445
'<LOCALNET>.0.124':445
'<LOCALNET>.0.109':445
'<LOCALNET>.0.123':445
'<LOCALNET>.0.122':445
'<LOCALNET>.0.121':445
'62.##8.101.199':445
'19#.#8.228.19':445
'14#.#12.250.50':445
'<LOCALNET>.0.120':445
'17.##.209.134':445
'<LOCALNET>.0.119':445
'<LOCALNET>.0.118':445
'<LOCALNET>.0.95':445
'<LOCALNET>.0.107':445
'<LOCALNET>.0.117':445
'<LOCALNET>.0.116':445
'<LOCALNET>.0.115':445
'<LOCALNET>.0.114':445
'78.##0.198.34':445
'70.##8.52.200':445
'<LOCALNET>.0.113':445
'<LOCALNET>.0.112':445
'72.#3.39.91':445
'<LOCALNET>.0.111':445
'70.##6.154.248':445
'<LOCALNET>.0.110':445
'<LOCALNET>.0.94':445
'<LOCALNET>.0.93':445
'12#.#58.172.173':445
'<LOCALNET>.0.72':445
'94.##.177.182':445
'84.##.189.56':445
'19#.#51.93.111':445
'72.##5.166.100':445
'<LOCALNET>.0.78':445
'<LOCALNET>.0.77':445
'<LOCALNET>.0.76':445
'<LOCALNET>.0.75':445
'<LOCALNET>.0.74':445
'36.##.175.237':445
'16#.#5.183.71':445
'<LOCALNET>.0.71':445
'<LOCALNET>.0.70':445
'<LOCALNET>.0.69':445
'<LOCALNET>.0.68':445
'17#.#83.100.101':445
'<LOCALNET>.0.67':445
'<LOCALNET>.0.66':445
'<LOCALNET>.0.65':445
'<LOCALNET>.0.64':445
'<LOCALNET>.0.63':445
'<LOCALNET>.0.73':445
'14#.49.23.8':445
'88.##.45.123':445
'11#.#36.130.123':445
'<LOCALNET>.0.80':445
'<LOCALNET>.0.92':445
'<LOCALNET>.0.91':445
'11#.#37.172.4':445
'32.#.217.249':445
'<LOCALNET>.0.90':445
'<LOCALNET>.0.89':445
'21#.#17.246.98':445
'<LOCALNET>.0.88':445
'<LOCALNET>.0.87':445
'<LOCALNET>.0.81':445
'<LOCALNET>.0.86':445
'<LOCALNET>.0.79':445
'32.#.63.157':445
'<LOCALNET>.0.85':445
'<LOCALNET>.0.84':445
'10#.#4.124.240':445
'<LOCALNET>.0.83':445
'68.#98.5.41':445
'<LOCALNET>.0.82':445
'13#.#50.156.95':445
'51.##.157.247':445
'16#.#5.173.41':445
'9.###.129.27':445

TCP:

HTTP GET requests:

http://46.##5.230.5/tor/status-vote/current/consensus

UDP:

DNS ASK po##.#inexmr.com

Miscellaneous:

Creates and executes the following:

'%ALLUSERSPROFILE%\Application Data\wepizup.exe'

Технологии

Термины

Обучение и просвещение

Мифы

Technical Information

Рекомендации по лечению

Демо бесплатно на 14 дней